From: Alan Burlison <Alan.Burlison@oracle.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
Casper.Dik@oracle.com, David Miller <davem@davemloft.net>,
stephen@networkplumber.org, netdev@vger.kernel.org,
dholland-tech@netbsd.org
Subject: Re: [Bug 106241] New: shutdown(3)/close(3) behaviour is incorrect for sockets in accept(3)
Date: Thu, 22 Oct 2015 18:39:34 +0100 [thread overview]
Message-ID: <56291F56.2080906@oracle.com> (raw)
In-Reply-To: <20151022170548.GR22011@ZenIV.linux.org.uk>
On 22/10/2015 18:05, Al Viro wrote:
> Oh, for... Right in this thread an example of complete BS has been quoted
> from POSIX close(2). The part about closing a file when the last descriptor
> gets closed. _Nothing_ is POSIX-compliant in that respect (nor should
> it be).
That's not exactly what it says, we've already discussed, for example in
the case of pending async IO on a filehandle.
> Semantics around the distinction between file descriptors and
> <barf> file descriptions is underspecified, not to mention being very poorly
> written.
I agree that part could do with some polishing.
> You want to add something along the lines of "if any action by another thread
> changes the mapping from file descriptors to file descriptions for any
> file descriptor passed to syscall, such and such things should happen" - go
> ahead and specify what should happen. As it is, I don't see anything of
> that sort in e.g. accept(2). And no,
> [EBADF]
> The socket argument is not a valid file descriptor.
> in there is nowhere near being unambiguous enough - everyone agrees that
> argument should be a valid descriptor at the time of call, but I would be
> very surprised to find _any_ implementation (including Solaris one)
> recheck that upon exit to userland.
The scenario I described previously, where dup2() is used to modify a fd
that's being used in accept, result in the accept call terminating in
the same way as if close had been called on it - Casper gave details
earlier.
> For more bullshit from the same source (issue 7, close(2)):
> If fildes refers to a socket, close() shall cause the socket to be
> destroyed. If the socket is in connection-mode, and the SO_LINGER
> option is set for the socket with non-zero linger time, and the socket
> has untransmitted data, then close() shall block for up to the current
> linger interval until all data is transmitted.
> I challenge you to find *any* implementation that would have
> fd = socket(...);
> close(dup(fd));
> do what this wonder of technical prose clearly requests. In the same text we
> also have
> When all file descriptors associated with a pipe or FIFO special file
> are closed, any data remaining in the pipe or FIFO shall be discarded.
> as well as explicit (and underspecified, but perhaps they do it elsewhere)
> "last close" in parts related to sockets and ptys.
Yes, Casper has just reported that to TOG, see
http://thread.gmane.org/gmane.comp.standards.posix.austin.general/11573.
Our assessment is that sockets should behave the same way as plain
files, i.e. 'last close'.
> And that is not to mention the dup2(2) wording in there:
> If fildes2 is already a valid open file descriptor, it shall be
> closed first
> which is (a) inviting misinterpretation that would make the damn thing
> non-atomic (the only mentioning of atomicity is in non-normative sections)
I've already explained why I believe atomic behaviour of dup2() is
required by POSIX. If you feel it's not clear then we can ask POSIX for
clarification.
> and (b) says fsck-all about the effects of closing descriptor. The latter
> is a problem, since nothing in close(2) bothers making a distinction between
> the effects specific to particular syscall and those common to all ways of
> closing a descriptor. And no, it's not a nitpicking - consider e.g. the
> parts concerning the order of events triggered by close(2) (such and such
> should be completed before close(2) returns); should it be taken as "same
> events should be completed before newfd is associated with the file description
> refered to by oldfd"? It _is_ user-visible, since close(2) removes fcntl
> locks. Sure, there is (otherwise unexplained)
> The dup2() function is not intended for use in critical regions
> as a synchronization mechanism.
> down in informative sections, so one can infer that event order here isn't
> to be relied upon. With no way to guess whether the event order concerning
> e.g. effect on ongoing accept(newfd) is any different in that respect.
I think "it shall be closed first" makes it pretty clear that what is
expected is the same behaviour as any direct invocation of close, and
that has to happen before the reassignment. What makes you believe
that's isn't the case?
> The entire area in Issue 7 stinks. It might make sense to try and fix it
> up, but let's not pretend that what's in there right now does specify the
> semantics in this kind of situations.
Sorry, I disagree.
> I'm not saying that Solaris approach yields an inherently bad semantics or
> that it's impossible to implement without high scalability price and/or
> high memory footprint. But waving the flag of POSIX compliance when you
> are actually talking about the ways your implementation plugs the holes in
> a badly incomplete spec...
Personally I believe the spec is clear enough to allow an unambiguous
interpretation of the required behavior in this area. If you think there
are areas where the Solaris behaviour is in disagreement with the spec
then I'd be interested to hear them.
--
Alan Burlison
--
next prev parent reply other threads:[~2015-10-22 17:39 UTC|newest]
Thread overview: 138+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-19 16:59 Fw: [Bug 106241] New: shutdown(3)/close(3) behaviour is incorrect for sockets in accept(3) Stephen Hemminger
2015-10-19 23:33 ` Eric Dumazet
2015-10-20 1:12 ` Alan Burlison
2015-10-20 1:45 ` Eric Dumazet
2015-10-20 9:59 ` Alan Burlison
2015-10-20 11:24 ` David Miller
2015-10-20 11:39 ` Alan Burlison
2015-10-20 13:19 ` Fw: " Eric Dumazet
2015-10-20 13:45 ` Alan Burlison
2015-10-20 15:30 ` Eric Dumazet
2015-10-20 18:31 ` Alan Burlison
2015-10-20 18:42 ` Eric Dumazet
2015-10-21 10:25 ` David Laight
2015-10-21 10:49 ` Alan Burlison
2015-10-21 11:28 ` Eric Dumazet
2015-10-21 13:03 ` Alan Burlison
2015-10-21 13:29 ` Eric Dumazet
2015-10-21 3:49 ` Al Viro
2015-10-21 14:38 ` Alan Burlison
2015-10-21 15:30 ` David Miller
2015-10-21 16:04 ` Casper.Dik
2015-10-21 21:18 ` Eric Dumazet
2015-10-21 21:28 ` Al Viro
2015-10-21 16:32 ` Fw: " Eric Dumazet
2015-10-21 18:51 ` Al Viro
2015-10-21 20:33 ` Casper.Dik
2015-10-22 4:21 ` Al Viro
2015-10-22 10:55 ` Alan Burlison
2015-10-22 18:16 ` Al Viro
2015-10-22 20:15 ` Alan Burlison
2015-11-02 10:03 ` David Laight
2015-11-02 10:29 ` Al Viro
2015-10-21 22:28 ` Alan Burlison
2015-10-22 1:29 ` David Miller
2015-10-22 4:17 ` Alan Burlison
2015-10-22 4:44 ` Al Viro
2015-10-22 6:03 ` Al Viro
2015-10-22 6:34 ` Casper.Dik
2015-10-22 17:21 ` Al Viro
2015-10-22 18:24 ` Casper.Dik
2015-10-22 19:07 ` Al Viro
2015-10-22 19:51 ` Casper.Dik
2015-10-22 21:57 ` Al Viro
2015-10-23 9:52 ` Casper.Dik
2015-10-23 13:02 ` Eric Dumazet
2015-10-23 13:20 ` Casper.Dik
2015-10-23 13:48 ` Eric Dumazet
2015-10-23 14:13 ` Eric Dumazet
2015-10-23 13:35 ` Alan Burlison
2015-10-23 14:21 ` Eric Dumazet
2015-10-23 15:46 ` Alan Burlison
2015-10-23 16:00 ` Eric Dumazet
2015-10-23 16:07 ` Alan Burlison
2015-10-23 16:19 ` Eric Dumazet
2015-10-23 16:40 ` Alan Burlison
2015-10-23 17:47 ` Eric Dumazet
2015-10-23 17:59 ` [PATCH net-next] af_unix: do not report POLLOUT on listeners Eric Dumazet
2015-10-25 13:45 ` David Miller
2015-10-24 2:30 ` [Bug 106241] New: shutdown(3)/close(3) behaviour is incorrect for sockets in accept(3) Al Viro
2015-10-27 9:08 ` Casper.Dik
2015-10-27 10:52 ` Alan Burlison
2015-10-27 12:01 ` Eric Dumazet
2015-10-27 12:27 ` Alan Burlison
2015-10-27 12:44 ` Eric Dumazet
2015-10-27 13:42 ` David Miller
2015-10-27 13:37 ` Alan Burlison
2015-10-27 13:59 ` David Miller
2015-10-27 14:13 ` Alan Burlison
2015-10-27 14:39 ` David Miller
2015-10-27 14:39 ` Alan Burlison
2015-10-27 15:04 ` David Miller
2015-10-27 15:53 ` Alan Burlison
2015-10-27 23:17 ` Al Viro
2015-10-28 0:13 ` Eric Dumazet
2015-10-28 12:35 ` Al Viro
2015-10-28 13:24 ` Eric Dumazet
2015-10-28 14:47 ` Eric Dumazet
2015-10-28 21:13 ` Al Viro
2015-10-28 21:44 ` Eric Dumazet
2015-10-28 22:33 ` Al Viro
2015-10-28 23:08 ` Eric Dumazet
2015-10-29 0:15 ` Al Viro
2015-10-29 3:29 ` Eric Dumazet
2015-10-29 4:16 ` Al Viro
2015-10-29 12:35 ` Eric Dumazet
2015-10-29 13:48 ` Eric Dumazet
2015-10-30 17:18 ` Linus Torvalds
2015-10-30 21:02 ` Al Viro
2015-10-30 21:23 ` Linus Torvalds
2015-10-30 21:50 ` Linus Torvalds
2015-10-30 22:33 ` Al Viro
2015-10-30 23:52 ` Linus Torvalds
2015-10-31 0:09 ` Al Viro
2015-10-31 15:59 ` Eric Dumazet
2015-10-31 19:34 ` Al Viro
2015-10-31 19:54 ` Linus Torvalds
2015-10-31 20:29 ` Al Viro
2015-11-02 0:24 ` Al Viro
2015-11-02 0:59 ` Linus Torvalds
2015-11-02 2:14 ` Eric Dumazet
2015-11-02 6:22 ` Al Viro
2015-10-31 20:45 ` Eric Dumazet
2015-10-31 21:23 ` Linus Torvalds
2015-10-31 21:51 ` Al Viro
2015-10-31 22:34 ` Eric Dumazet
2015-10-31 1:07 ` Eric Dumazet
2015-10-28 16:04 ` Alan Burlison
2015-10-29 14:58 ` David Holland
2015-10-29 15:18 ` Alan Burlison
2015-10-29 16:01 ` David Holland
2015-10-29 16:15 ` Alan Burlison
2015-10-29 17:07 ` Al Viro
2015-10-29 17:12 ` Alan Burlison
2015-10-30 1:54 ` David Miller
2015-10-30 1:55 ` David Miller
2015-10-30 5:44 ` David Holland
2015-10-30 17:43 ` David Laight
2015-10-30 21:09 ` Al Viro
2015-11-04 15:54 ` David Laight
2015-11-04 16:27 ` Al Viro
2015-11-06 15:07 ` David Laight
2015-11-06 19:31 ` Al Viro
2015-10-22 6:51 ` Casper.Dik
2015-10-22 11:18 ` Alan Burlison
2015-10-22 11:15 ` Alan Burlison
2015-10-22 6:15 ` Casper.Dik
2015-10-22 11:30 ` Eric Dumazet
2015-10-22 11:58 ` Alan Burlison
2015-10-22 12:10 ` Eric Dumazet
2015-10-22 13:12 ` David Miller
2015-10-22 13:14 ` Alan Burlison
2015-10-22 17:05 ` Al Viro
2015-10-22 17:39 ` Alan Burlison [this message]
2015-10-22 18:56 ` Al Viro
2015-10-22 19:50 ` Casper.Dik
2015-10-23 17:09 ` Al Viro
2015-10-23 18:30 ` Fw: " David Holland
2015-10-23 19:51 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56291F56.2080906@oracle.com \
--to=alan.burlison@oracle.com \
--cc=Casper.Dik@oracle.com \
--cc=davem@davemloft.net \
--cc=dholland-tech@netbsd.org \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.